2020.04.02 09:00 "Re: [Tiff] Question about security vulnerabilities in tiff 4.0.10", by Thomas Bernard

 I believe all information is available in the gitlab repository:
 https://gitlab.com/libtiff/libtiff
 so you could do the verification yourself.

 * https://nvd.nist.gov/vuln/detail/CVE-2019-6128 / http://bugzilla.maptools.org/show_bug.cgi?id=2836
 Was fixed here:
 https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
 this change is included in v4.1.0

 * https://nvd.nist.gov/vuln/detail/CVE-2019-14973
 fixed here:
 https://gitlab.com/libtiff/libtiff/-/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
 this change is included in v4.1.0

 * https://nvd.nist.gov/vuln/detail/CVE-2019-17546
 https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
 this change is included in v4.1.0

 * https://nvd.nist.gov/vuln/detail/CVE-2019-7663
 https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
 this change is included in v4.1.0

 Thomas Bernard - thomas.bernard@cls.to
 Conseil Logiciel Securite SAS
 1 passage du Surmelin
 75020 Paris
 Tel: +33 9 52 53 61 63
 Cellulaire: +33 6 69 95 24 79
 Fax: +33 9 57 53 61 63

Editor's note: This mail was not originally archived, and has been reconstructed from quotes.